<?php

include("includes/connection_settings.php");

if ($_GET['f'] == "in") {
 //Strips " and ' marks
 $bannedMarks = array("\"", "'");

 $_POST['username'] = str_replace($bannedMarks, "", $_POST['username']);
 $_POST['password'] = str_replace($bannedMarks, "", $_POST['password']);

 $_POST['username'] = str_replace(" ", "_", $_POST['username']);

 $table = mysql_query("SELECT usernamePlusPassword FROM users WHERE username = '{$_POST['username']}'");

 if (md5($_POST['username'] . $_POST['password']) == mysql_result($table, 0, 0)) {
  setCookie("username", $_POST['username']);
 }

}

elseif ($_GET['f'] == "out") {
 setCookie("username", "");
}

mysql_close($connection);

header("Location: index.php");
?>